ICS Spectre, Meltdown Update Part III

Thursday, February 22, 2018 @ 01:02 PM gHale

There has been another in a series of ongoing updates on ICS vendors offering information for critical infrastructure asset owners/operators affected by the cache side-channel attacks known as Meltdown and Spectre, according to a report from ICS-CERT.

Exploitation of these vulnerabilities, which have case numbers of CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754, may allow unauthorized disclosure of information.

ICS-CERT also provides a control systems recommended practices page on the ICS-CERT web site. Several recommended practices are available for reading or download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Organizations that observe any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.